In traditional security architecture, a computing device may run an in-band security agent that is dependent on the operating system (OS) and OS-provided TCP/IP stack to provide security updates. Specifically, when a security update is available, the security agent may download the update, apply the update, and restart affected software components (or, as necessary, reboot the system as a whole).